cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

6253
Views
0
Helpful
2
Replies
Laurens Toning
Beginner

ACE 4700 configuring SSL termination weblogic server 10.3.6

Hello,

Im trying to configure an ACE 4700 so that SSL termination is done on the ACE and HTTP reaches the weblogic server instance.

I have a working setup of a Apache reverse proxy doing SSL offloading and using a weblogic module and that works fine

Was reading http://docs.oracle.com/cd/E23943_01/web.1111/e13709/load_balancing.htm#i1045186

Can anyone point me to a working config example for doing this with the ACE4700 or give me some directions here?

Kind regards,

Laurens

1 ACCEPTED SOLUTION

Accepted Solutions
Cesar Roque
Enthusiast

Hi Laurens,

Here is a basic configuration for SSL termination:

rserver host test

  ip address 10.198.16.98

  inservice

rserver host test2

  ip address 10.198.16.93

  inservice

serverfarm host test

  rserver test 80

    inservice

  rserver test2 80

    inservice

ssl-proxy service TEST

  key cert

  cert cert

class-map match-all VIPSSL

  2 match virtual-address 10.198.16.122 tcp eq https

policy-map type loadbalance first-match test

  class class-default

    serverfarm test

policy-map multi-match clients

  class VIPSSL

    loadbalance vip inservice

    loadbalance policy test

    loadbalance vip icmp-reply active

    nat dynamic 1 vlan 112

    ssl-proxy server TEST

interface vlan 112

  ip address 10.198.16.91 255.255.255.192

  access-group input Allow_Access

  nat-pool 1 10.198.16.122 10.198.16.122 netmask 255.255.255.192 pat

  service-policy input NSS_MGMT

  service-policy input clients

  no shutdown

---------------------
Cesar R
ANS Team

--------------------- Cesar R ANS Team

View solution in original post

2 REPLIES 2
Cesar Roque
Enthusiast

Hi Laurens,

Here is a basic configuration for SSL termination:

rserver host test

  ip address 10.198.16.98

  inservice

rserver host test2

  ip address 10.198.16.93

  inservice

serverfarm host test

  rserver test 80

    inservice

  rserver test2 80

    inservice

ssl-proxy service TEST

  key cert

  cert cert

class-map match-all VIPSSL

  2 match virtual-address 10.198.16.122 tcp eq https

policy-map type loadbalance first-match test

  class class-default

    serverfarm test

policy-map multi-match clients

  class VIPSSL

    loadbalance vip inservice

    loadbalance policy test

    loadbalance vip icmp-reply active

    nat dynamic 1 vlan 112

    ssl-proxy server TEST

interface vlan 112

  ip address 10.198.16.91 255.255.255.192

  access-group input Allow_Access

  nat-pool 1 10.198.16.122 10.198.16.122 netmask 255.255.255.192 pat

  service-policy input NSS_MGMT

  service-policy input clients

  no shutdown

---------------------
Cesar R
ANS Team

--------------------- Cesar R ANS Team

View solution in original post

Hello Cesar,

Thank you for your reply and time.

The actual solution for configuring the ACE 4700 specificaly to work with the Weblogic server was to insert a header.

action-list type modify http HTTP-HEADER-INSERT-WebLogic

header insert both WL-Proxy-SSL  header-value “true"

policy-map type loadbalance first-match ssl-test_somewhat.com_POLICY

class testsomewhat.com_CLASSURL

serverfarm http-test.somewhat.com

action HTTP-HEADER-INSERT-WebLogic

I hope this info will be usefull for other people that are trying to do the same.

Regards,

Laurens Toning


Content for Community-Ad
This widget could not be displayed.